Creating Kerberos users
You can use password authentication or the cassandra@REALM Kerberos principal to create Kerberos users.
DataStax Enterprise automatically creates a cassandra superuser, which you can authenticate as and use cqlsh to create other users. Two methods are available:
-
Use password authentication:
- In the cassandra.yaml file, set the authenticator to org.apache.cassandra.auth.PasswordAuthenticator.
- Start cqlsh and login using the superuser name and
password:
$ ./cqlsh -u cassandra -p cassandra
- Create the other Kerberos users, such as user@REALM. Be sure to create at least one with superuser privileges.
- Remove the cassandra user. See DROP USER. This step is optional but highly recommended.
- Re-enable Kerberos authorization in the cassandra.yaml
file:
authenticator: com.datastax.bdp.cassandra.auth.KerberosAuthenticator
- Use the cassandra@REALM Kerberos principal:
- As shown in step 6 in Authenticating a DataStax Enterprise cluster with Kerberos, create a cassandra@REALM Kerberos principal and turn on Kerberos authorization.
- Log in and create the other Kerberos users. Be sure to create at least one with superuser privileges.
- Remove the cassandra user. See DROP USER. This step is optional but highly recommended.